Chapter 5: Network security technologies

Question 1

Which systems are designed to monitor network traffic and other events, and look for anything suspicious that might indicate an attack?

Answer 1

Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)

Question 2

What intrusion detection method examines traffic by comparison to a profile of how its protocol is supposed to work

Answer 2

Stateful protocol analysis

Question 3

Which intrusion detection method uses heuristic methods that look for behaviors which seems unusual relative to the normal baseline. It has the ability to identify zero day attacks.

Answer 3

Anomaly based

Question 4

What term refers to the combination of AAA systems with network segmentation and host-level security?

Answer 4

Network Access Control (NAC)

Question 5

What is the term for appliances, hardware or software designed to transparently combine distributed services into a single virtual whole?

Answer 5

Load Balancing

Question 6

Which load balancing technique moves the processing overhead associated with SSL or TLS encryption to another server or a hardware appliance with accelerate encryption features?

Answer 6

SSL acceleration

Question 7

Which load balancing technique reduces the bandwidth required by some kinds of data traffic

Answer 7

Data compression

Question 8

Which load balancing technique monitors each server in the load balancing pool, then removes it if it fails

Answer 8

Health checking

Question 9

Which load balancing technique moves resource intensive TCP services to different servers than those performing server application functions

Answer 9

TCP offloading

Question 10

Which load balancing technique is similar to QOS, and allows some traffic to be prioritized

Answer 10

Priority queuing

Question 11

Which load balancing technique allows the balancer to store frequently accessed content?

Answer 11

Content caching

Question 12

Which load balancer configuration makes sure that incoming connections are spread evenly throughout servers without overloading any of them?

Answer 12

scheduling

Question 13

Which load balancer configuration allows “sticky” sessions to enable traffic fro the same user to go to the same server to maintain session integrity?

Answer 13

sessions

Question 14

Which load balancer failover technique keeps all redundant servers active and sharing the load?

Answer 14

active/active

Question 15

Which load balancer failover technique keeps multiple failover nodes on standby?

Answer 15

active/passive

Question 16

Which proxy mediates communications between LAN clients and Internet servers. It requires client side configuration, and is often used in small, heavily secured networks.

Answer 16

Forward proxy

Question 17

Which proxy operates like forward proxies, but don’t require client side configuration?

Answer 17

Transparent proxies (also known as forced proxies)

Question 18

Which proxy mediates communications between Internet clients and LAN servers?

Answer 18

Reverse proxies

Question 19

Which proxy is hosted on the internet and masks the client’s original IP address from the server?

Answer 19

Anonymous proxy

Question 20

Which tool combines multiple security functions into a single device.

Answer 20

Unified Threat Management (UTM)/Next-generation firewalls (NGFW)

Question 21

Which monitoring tool can read packet headers to determine traffic patterns or view protocol information in depth?

Answer 21

Network analyzer (aka: packet analyzer or protocol analyzer)

Question 22

Which monitoring tool can be used to find performance issues or detect unexpected traffic?

Answer 22

Bandwidth monitor

Question 23

Which monitoring tool is a port on a switch or other network device configured to copy traffic on other links and forward it to a logging analysis system.

Answer 23

Port mirror (aka: Switched port analyzer)

Question 24

Which monitoring tool is a hardware device designed to perform port mirroring? It has an A port, a B port, and a monitor port

Answer 24

Network tap

Question 25

Which tool combines input from port mirrors and taps across the network, then filters the raw data before feeding it into a monitoring system

Answer 25

Traffic aggregator

Question 26

Which monitoring tool receives, stores and preprocesses networking monitoring data, especially in the context of Netflow analysis. Might lie between a traffic aggregator an analysis software

Answer 26

Collector

Question 27

Which monitoring tool finds congestion, reception, and coverage area and detects rogue APs

Answer 27

Wireless analyzers

Question 28

Which monitoring tool remotely manages network devices, but also gathers network information

Answer 28

SNMP

Question 29

Which monitoring tool is a central solution that actively monitors and reports on data collected by logging tools?

Answer 29

Security Information and Event Management (SIEM)

Question 30

Which monitoring tool detects temperature, humidity, or electric power quality

Answer 30

Physical sensor

Question 31

in SNMP, which entity is described by SNMP software running on a manged device?

Answer 31

Agent

Question 32

in SNMP, which entity is a software application used to manage agents.

Answer 32

Manager (aka: Network Management System NMS)

Question 33

In SNMP, what is a unique number corresponding to a property that be monitored on a single device?

Answer 33

Object Identifier

Question 34

In SNMP, what is a database containing OIDs for managed devices, arranged in a tree-like hierarchical fashion.

Answer 34

Management Information Base (MIB)

Question 35

Which version of SNMP is the most secure?

Answer 35

version 3

Question 36

Which monitoring tool provides real time traffic reporting? Devices (called flow exporters) identify network flows and send data about them to a centralized flow collector where it is processed and stored.

Answer 36

Netflow

Question 37

Which network analysis technique finds increases, decreases or predictable patterns.

Answer 37

Trend analysis

Question 38

Which network analysis technique compares data to an established baseline

Answer 38

Anomaly analysis

Question 39

Which network analysis technique compares new data against known threats to find similar behaviors even without an exact treat signature

Answer 39

Heuristic analysis

Question 40

Which network analysis technique collects user behavior data and then uses it to recognize unusual actions that might represent a security incident?

Answer 40

User and entity behavioral analytics (UEBA)

Question 41

Which network analysis technique uses text analysis and natural language processing to determine the emotional state of words and speech?

Answer 41

Sentiment analysis

Question 42

Which technique uses synthetic network traffic that resembles genuine communications. It’s often used by distributed honeypots to emulate regular network activity and make decoy systems less suspicious
to an attacker, but normal devices can also generate it in addition to their other communications.

Answer 42

Fake telemetry

Question 43

Which technique DNS requests from malware and and responds with deliberately incorrect data?

Answer 43

DNS sinkhole